Last night I was following some security-related forums, and someone posted a phishing kit for a popular bank from Romania. A phishing kit is a collection of scripts to help a script kiddie launch a phishing exploit and steal data such as credit card information and passwords. While looking through the contents of this phishing kit, to my surprise I found a log file containing many valid credit card numbers and other sensitive information. The phishing kit author posted his own kit on the forums but forgot to delete the log file before doing so.

The log file contained the following information:

- Name
- Address
- Town/City
- Phone Number
- CNP
- Credit Card Number
- Credit Card Expiry Month
- Credit Card Expiry Year
- CVV (Credit Card Code)

There is one piece of information that is more interesting than the others: the CNP. In Romania every citizen has a Personal Numeric Code (Cod Numeric Personal – CNP), which is built from the citizen’s gender and century of birth, date of birth, the country zone, followed by a serial number and a checksum.
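The CNP layout described above can be parsed and checked as follows. This is an added example, not the author's script: the check-digit weights and the first-digit mapping come from the publicly documented CNP scheme rather than from this post, and every sample value is constructed.

```python
from collections import Counter
from datetime import date

# Check-digit weights for the first 12 digits (public CNP scheme, not from the post).
WEIGHTS = (2, 7, 9, 1, 4, 6, 3, 5, 8, 2, 7, 9)
# First digit -> (gender, century). Digits 7-9 (residents/foreigners) carry no
# century and are rejected here, a simplification of this example.
FIRST_DIGIT = {"1": ("M", 1900), "2": ("F", 1900), "3": ("M", 1800),
               "4": ("F", 1800), "5": ("M", 2000), "6": ("F", 2000)}

def cnp_checksum(first12):
    """Weighted sum mod 11; a remainder of 10 maps to check digit 1."""
    remainder = sum(int(d) * w for d, w in zip(first12, WEIGHTS)) % 11
    return 1 if remainder == 10 else remainder

def parse_cnp(cnp):
    """Return gender, birth date, zone and serial for a valid CNP, else None."""
    cnp = cnp.strip()
    if len(cnp) != 13 or not (cnp.isascii() and cnp.isdigit()):
        return None
    if cnp[0] not in FIRST_DIGIT or cnp_checksum(cnp[:12]) != int(cnp[12]):
        return None
    gender, century = FIRST_DIGIT[cnp[0]]
    try:  # a correct checksum does not guarantee a real calendar date
        birth = date(century + int(cnp[1:3]), int(cnp[3:5]), int(cnp[5:7]))
    except ValueError:
        return None
    return {"gender": gender, "birth": birth, "zone": cnp[7:9], "serial": cnp[9:12]}

def distribution(values):
    """Percentage per distinct value, most common first."""
    counts = Counter(values)
    return {k: round(100 * n / len(values)) for k, n in counts.most_common()}

# Constructed sample values (not taken from any real record or from the log).
SAMPLE = [
    "1850325400016",  # valid
    "2871201123454",  # valid
    "1920715050103",  # valid
    "1850325401001",  # valid, remainder 10 -> check digit 1
    "1850325400017",  # wrong check digit
    "1850230400014",  # check digit matches but 30 February does not exist
    "12345",          # wrong length
]

if __name__ == "__main__":
    valid = [r for r in map(parse_cnp, SAMPLE) if r]
    print(len(valid), "valid of", len(SAMPLE))
    print("gender:", distribution([r["gender"] for r in valid]))
    print("birth year:", distribution([r["birth"].year for r in valid]))
```

The same check works as input validation on forms that collect a CNP, or as a filter that separates real identifiers from random 13-digit strings when scanning data for exposed PII.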

I’ve quickly made a Python script to parse the CNP data, validate it and extract the interesting information such as gender and date of birth, to get some interesting statistics. I’ve also computed the CNP checksum to make sure the number is valid and exclude bogus numbers. Below is what I got:

The first statistic is Male/Female distribution

The following table shows Birth year/age distribution.

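| Birth year | Percent (%) | Age |
|---|---|---|
| 1985 | 12 | 25 |
| 1987 | 12 | 23 |
| 1988 | 10 | 22 |
| 1981 | 10 | 29 |
| 1983 | 10 | 27 |
| 1989 | 7 | 21 |
| 1967 | 7 | 43 |
| 1982 | 7 | 28 |
| 1986 | 5 | 24 |
| 1958 | 2 | 52 |
| 1992 | 2 | 18 |
| 1963 | 2 | 47 |
| 1976 | 2 | 34 |
| 1977 | 2 | 33 |
| 1979 | 2 | 31 |
| 1980 | 2 | 30 |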

A quick glance shows that the oldest person is 52 years old and the youngest is 18 years old.

Surprising: these statistics show that the large majority of people scammed are from the younger generation, between 21 and 30 years old. This came as a surprise to me.

The last table shows distribution based on month of birth.

| Birth month | Percent (%) |
|---|---|
| December | 17 |
| July | 15 |
| September | 15 |
| November | 10 |
| May | 10 |
| June | 7 |
| April | 7 |
| October | 5 |
| March | 5 |
| February | 2 |
| August | 2 |
| January | 2 |

P.S.

These statistics were constructed using data from a few hundred valid person records, and the phishing scam was targeted at Romanian people.

We must not forget that internet penetration is much higher in younger people.

In the profile of Romanian internet users, the top age group is dominated by 20-24 year-olds (22%), followed by 25-29 year-olds (14%). And I’m sure these numbers would get stiffer if we analyzed online banking users, where older people are typically more resistant